Traditionally, security systems have been employed for detecting and optionally removing unwanted code (e.g. malware, etc.). Unfortunately, traditional security systems have exhibited various limitations in determining whether files used to automatically launch content (hereinafter autorun files) are unwanted (e.g. malicious, etc.). Just by way of example, traditional security system have customarily only removed unwanted content capable of being automatically launched by an autorun file, without also removing the autorun file. Thus, the remaining autorun file, when loaded, is typically is a source of unwanted errors since the content attempted to be launched by such autorun file is nonexistent.
However, even when some traditional security systems have attempted to remove unwanted autorun files, the techniques employed to do so have been problematic. For example, contents of the autorun file may be obfuscated by a malware author, malware launched by, and thus referenced by, the autorun file may have a random file name, etc. such that traditional string or hash based signature detection techniques for identifying the autorun file as unwanted may be prevented. As another example, if the malware launched by the autorun file has a common file name (e.g. a file named for non-malicious purposes as well), simply identifying the autorun file as unwanted based on a detection of the common file name therein may result in a false detection of the autorun file as unwanted. There is thus a need for addressing these and/or other issues associated with the prior art.